How to perform addition action on login in Laravel 5.8? - laravel

In Laravel 5.8 the Auth\LoginController is just:
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* #var string
*/
protected $redirectTo = '/my-team';
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
On login I want to perform some custom actions for the user, but I can't figure out where I can place this code. The documentation doesn't seem to help.
Is there a method I can overwrite/extend with my own?
Laravel 5.2 used to have a login() method in the Auth controller where I could just write additional code.

You can override the login() method in LoginController. As you said, in Laravel 5.8 the login() method doesn't exist, but you can define it yourself. The newly defined login() method will override the default one and then you can do whatever extra you want to after or before the user signs in. Here is a snippet from Laracasts:
public function login(Request $request)
{
$this->validateLogin($request);
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if(Auth::attempt(['email' => $request->email, 'password' => $request->password, 'is_activated' => 1])) {
// return redirect()->intended('dashboard');
} else {
$this->incrementLoginAttempts($request);
return response()->json([
'error' => 'This account is not activated.'
], 401);
}
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
Just go through it and see what has been done there. In short, you can modify the login() method to do whatever you want before or after a user signs in.

There are two functions provided by the AuthenticatesUsers trait. You can customize those in the login controller.
Login Form
public function showLoginForm()
{
return view('auth.login');
}
Handle Login
public function login(Request $request)
{
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
You can place these two functions in the login controller and make changes as you want.

The best place to add your custom actions is to override authenticated method in your LoginController
protected function authenticated(Request $request, $user)
{
// Your code
}

Just go to where the Illuminate\Foundation\Auth\AuthenticatesUsers trait is located and you will find all the methods you want
it's located in :
vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers
Or you can overwrite it in the LoginController to do what ever you want

Related

Laravel custom Login Throttling

I want to add Login Throttling to my custom login code. I use an email and a password for the login. Here is what i did:
I added
use ThrottlesLogins;
protected $maxLoginAttempts=3;
protected $lockoutTime=20;
at the beginning of my class, and then in my login method i did:
public function login(Request $request)
{
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
If the login fails i add
$this->incrementLoginAttempts($request);
if it succeed I add
$this->clearLoginAttempts($request);
The problem though i'm getting:
Undefined method LoginController::username
I'm guessing it is because i use an email instead of a username for login. What is the solution for this?
This particular trait, ThrottlesLogins, is meant to be used for the default LoginController that uses the AuthenticatesUsers trait, which provides a username method.
You can define this method yourself:
/**
* Get the login username to be used by the controller.
*
* #return string
*/
public function username()
{
return 'email';
}

Laravel force user to logout if deleted status

I am trying to force a logout during the login process when a user has a status flag of value 0.
Here's my login code:
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* #var string
*/
//protected $redirectTo = '/landlords/dashboard';
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
protected function redirectTo()
{
$user=Auth::user();
if($user->account_type == 1){
return '/t/dashboard';
}elseif($user->account_type==2){
return '/l/dashboard';
} else {
return '/a/dashboard';
}
}
}
It looks like Auth::user() infers that they are already logged in. How do i proceed in logging out the authenticated user and redirecting to /login if they have $user->status == 0
Just to complement #Tim Lewis answer, you can also avoid the user login if doesn't have a status == 1, adding an extra condition to the authentication query in addition to the user's e-mail and password. Specifying Additional Conditions
public function authenticate(Request $request)
{
if (Auth::attempt(['email' => $email, 'password' => $password, 'status' => 1])) {
// all ok, you can redirect the user
}
}
UPDATE
Also you can create a middleware that checks that field in the logged in user, in case the user is already logged in when the status changes:
artisan make:middleware CheckStatus
then in \app\http\Kernel.php, in the $routeMiddleware array, add:
//you can change checkStatus to canBeLogued, or whatever you want, I'm not good it english at all
'checkStatus' => \App\Http\Middleware\CheckStatus::class,
then in \app\http\Middleware\CheckStatus.php, something like this in the handle method:
if(Auth::check() && Auth::User()->status == 0)
Auth::logout();
return redirect()->to('/login')->with('warning', 'Your session has expired because your status change.');
}
return $next($request);
then, apply that middleware to the routes you want. If it's applicable to all the routes, you could do something like this in web.php
Route::group(['middleware' => 'checkStatus'], function () {
//all your protected routes
});
You can simply check $user in redirectTo():
protected function redirectTo(){
$user = auth()->user();
if($user->status == 0){
auth()->logout();
return '/login';
}
if($user->account_type == 1){
return '/t/dashboard';
} else if($user->account_type==2){
return '/l/dashboard';
} else {
return '/a/dashboard';
}
}
An argument can be made that you shouldn't let the user login if they have a status of 0, and that would simply be done by overriding the login logic. I don't personally use Laravel's default auth logic, so I can't advise on that approach, but it should be an option.

How to Verify Email Without Asking the User to Login to Laravel

I am developing a Laravel application. My application is using Laravel built-in auth feature. In the Laravel auth when a user registers, a verification email is sent. When a user verifies the email click on the link inside the email, the user has to login again to confirm the email if the user is not already logged in.
VerificationController
class VerificationController extends Controller
{
use VerifiesEmails, RedirectsUsersBasedOnRoles;
/**
* Create a new controller instance.
* #return void
*/
public function __construct()
{
$this->middleware('auth');
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
public function redirectPath()
{
return $this->getRedirectTo(Auth::guard()->user());
}
}
I tried commenting on this line.
$this->middleware('auth');
But it's s not working and instead, throwing an error. How can I enable Laravel to be able to verify email even if the user is not logged in?
First, remove the line $this->middleware('auth');, like you did.
Next, copy the verify method from the VerifiesEmails trait to your VerificationController and change it up a bit. The method should look like this:
public function verify(Request $request)
{
$user = User::find($request->route('id'));
if (!hash_equals((string) $request->route('hash'), sha1($user->getEmailForVerification()))) {
throw new AuthorizationException;
}
if ($user->markEmailAsVerified())
event(new Verified($user));
return redirect($this->redirectPath())->with('verified', true);
}
This overrides the method in the VerifiesUsers trait and removes the authorization check.
Security (correct me if I'm wrong!)
It's still secure, as the request is signed and verified. Someone could verify another user's email address if they somehow gain access to the verification email, but in 99% of cases this is hardly a risk at all.
Here's a more future proof solution to the problem:
class VerificationController extends Controller
{
// …
use VerifiesEmails {
verify as originalVerify;
}
/**
* Create a new controller instance.
*
* #return void
*/
public function __construct()
{
$this->middleware('auth'); // DON'T REMOVE THIS
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
/**
* Mark the authenticated user's email address as verified.
*
* #param Request $request
* #return Response
*
* #throws AuthorizationException
*/
public function verify(Request $request)
{
$request->setUserResolver(function () use ($request) {
return User::findOrFail($request->route('id'));
});
return $this->originalVerify($request);
}
}
So when an email confirmation link is clicked by an unauthenticated user the following will happen:
User will be redirected to the login view 1
User enters credentials; logs in successfully 2
User will be redirect back to the email confirmation URL
Email will be marked as confirmed
1 The email will not be marked as confirmed at this point.
2 The user may enter bad credentials multiple times. As soon as he enters the correct credentials he will be redirected to the intended email confirmation URL.
// For Laravel 6 and Above
use Illuminate\Auth\Events\Verified;
use Illuminate\Http\Request;
use App\User;
// comment auth middleware
//$this->middleware('auth');
public function verify(Request $request)
{
$user = User::find($request->route('id'));
if (!hash_equals((string) $request->route('hash'), sha1($user->getEmailForVerification()))) {
throw new AuthorizationException;
}
if ($user->markEmailAsVerified())
event(new Verified($user));
return redirect($this->redirectPath())->with('verified', true);
}
Solution to allow email verification for users who are not logged in (i.e. without auth):
Changes to: app/Http/Controllers/Auth/VerificationController.php:
$this->middleware('auth'); to $this->middleware('auth')->except('verify');
Copy verify() method from the VerifiesEmails trait.
Edit verify method to work without expected $request->user() data.
My verify() method in the VerificationController looks like this:
public function verify(\Illuminate\Http\Request $request)
{
$user = User::find($request->route('id'));
if ($request->route('id') != $user->getKey()) {
throw new AuthorizationException;
}
if ($user->markEmailAsVerified())
event(new Verified($user));
return redirect()->route('login')->with('verified', true);
}
Signed middleware
Laravel uses a middleware named signed to check the integrity of URLs that were generated by the application. Signed checks whether the URL has been changed since it was created. Try changing the id, expiry time or the signature in the url and it will lead to an error - very effective and useful middleware to protect the verify() method
For more information: https://laravel.com/docs/8.x/urls#signed-urls
(Optional)
I redirected my users to the login route, rather than the intended route for two reasons. 1) After login, it would try to redirect the user to the email verification link, leading to an error; 2) I wanted to use the verified true flash data that was attached to the redirect, to show an alert on the login page, if the user had successfully verified their email address.
Example of my login page alert:
#if(session()->has('verified'))
<div class="alert alert-success">Your email address has been successfully verified.</div>
#endif
Suggestions
If you have any suggestions on how I could improve this code, please let me know. I'd be happy to edit this answer.
You should not remove $this->middleware('auth') altogether as that will effect the redirects. If you remove it, the unauthenticated users will be redirected to "/email/verify" instead of "/login"
so $this->middleware('auth'); will be changed to $this->middleware('auth')->except('verify'); in "VerificationController"
Also copy the "verify" function from "VerifiesEmails" into "VerificationController"
add these two lines of code at the top of the function
$user = User::find($request->route('id'));
auth()->login($user);
so you are logging in the user programmatically and then performing further actions
Here's my take on the situation. Verification requires user to login before it can complete the verification, so we can override the verify function and login user using ID we received in the link. It is safe cause verify function is not called if Laravel can't verify the signature from URL so even if someone temper the URL they won't be able to bypass it.
Go to your VerificationController and add the following function at the end of the file.
public function verify(Request $request)
{
if (!auth()->check()) {
auth()->loginUsingId($request->route('id'));
}
if ($request->route('id') != $request->user()->getKey()) {
throw new AuthorizationException;
}
if ($request->user()->hasVerifiedEmail()) {
return redirect($this->redirectPath());
}
if ($request->user()->markEmailAsVerified()) {
event(new Verified($request->user()));
}
return redirect($this->redirectPath())->with('verified', true);
}
Note
Make sure you have same_site value in 'config/session.php' set to 'lax'. If it is set to 'strict' then it won't persist session if you were redirected from another site. For example, if you click a verification link from Gmail then your session cookie won't persist, so it won't redirect you to dashboard, but it sets 'email_verified_at' field in the database marking the verification successful. The user won't get any idea what was happened because it will redirect the user to the login page. When you have set it to 'strict', it will work if you copy the verification link directly in the browser address bar but not if the user clicks the link from the Gmail web client because it uses redirect to track the link.
if you want to active user account without login you can do that in 2 steps
1- Remove or comment Auth middleware in VerificationController
Example below:
public function __construct()
{
//$this->middleware('auth');
$this->middleware('signed')->only('verify');
$this->middleware('throttle:6,1')->only('verify', 'resend');
}
2- since verify route passing the {id} you can just edit verify function to find the user by the route id request like code below :
file path : *:\yourproject\vendor\laravel\framework\src\Illuminate\Foundation\Auth\VerifiesEmails.php
$user = User::findOrfail($request->route('id'));
Complete example
public function verify(Request $request)
{
$user = User::findOrfail($request->route('id'));
if (! hash_equals((string) $request->route('id'), (string) $user->getKey())) {
throw new AuthorizationException;
}
if (! hash_equals((string) $request->route('hash'), sha1($user->getEmailForVerification()))) {
throw new AuthorizationException;
}
if ($user->hasVerifiedEmail()) {
return redirect($this->redirectPath())->with('verified', true);
}
if ($user->markEmailAsVerified()) {
event(new Verified($request->user()));
}
return redirect($this->redirectPath())->with('registered', true);
}
I change EmailVerificationRequest but i now this is wrong, any way it's work.
Warning
This change on the vendor
protected $user;
public function authorize()
{
$this->user = \App\Models\User::find($this->route('id'));
if ($this->user != null){
if (! hash_equals((string) $this->route('id'),
(string) $this->user->getKey())) {
return false;
}
if (! hash_equals((string) $this->route('hash'),
sha1($this->user->getEmailForVerification()))) {
return false;
}
return true;
}
return false;
}
To use inner laravel logic (without overriding the logic), we simply create $request->user() and call trait's verify method. And manually sign in the user when the verification is successful.
use VerifiesEmails {
verify as parentVerify;
}
public function verify(Request $request)
{
$user = User::find($request->route('id'));
if (!$user) return abort(404);
$request->setUserResolver(function () use($user) {
return $user;
});
return $this->parentVerify($request);
}
public function verified(Request $request)
{
Auth::login($request->user());
}

Add session before login verification with Laravael auth

Laravel 5.4.
I want to set a session when an user try to login. I found I can use a login function in my LoginController.php.
My code :
public function login(Request $request)
{
//Set session as 'login'
Session::put('last_auth', 'login');
}
It's correctly set my session but it doesn't continue the login and i get a blank page.
How can I say to my function to continue the login after set my session ?
Thanks
if you want override original laravel default login function, you can put this into Auth\LoginController, and remember to import use Illuminate\Http\Request;
public function login(Request $request)
{
// Here is your customized code
Session::put('last_auth', 'login');
$this->validateLogin($request);
// If the class is using the ThrottlesLogins trait, we can automatically throttle
// the login attempts for this application. We'll key this by the username and
// the IP address of the client making these requests into this application.
if ($this->hasTooManyLoginAttempts($request)) {
$this->fireLockoutEvent($request);
return $this->sendLockoutResponse($request);
}
if ($this->attemptLogin($request)) {
return $this->sendLoginResponse($request);
}
// If the login attempt was unsuccessful we will increment the number of attempts
// to login and redirect the user back to the login form. Of course, when this
// user surpasses their maximum number of attempts they will get locked out.
$this->incrementLoginAttempts($request);
return $this->sendFailedLoginResponse($request);
}
and here is register function
Import use Illuminate\Auth\Events\Registered; and add:
public function register(Request $request)
{
$this->validator($request->all())->validate();
event(new Registered($user = $this->create($request->all())));
$this->guard()->login($user);
return $this->registered($request, $user)
?: redirect($this->redirectPath());
}

Laravel redirect back to original destination after login

This seems like a pretty basic flow, and Laravel has so many nice solutions for basic things, I feel like I'm missing something.
A user clicks a link that requires authentication. Laravel's auth filter kicks in and routes them to a login page. User logs in, then goes to the original page they were trying to get to before the 'auth' filter kicked in.
Is there a good way to know what page they were trying to get to originally? Since Laravel is the one intercepting the request, I didn't know if it keeps track somewhere for easy routing after the user logs in.
If not, I'd be curious to hear how some of you have implemented this manually.
For Laravel 5.3 and above
Check Scott's answer below.
For Laravel 5 up to 5.2
Simply put,
On auth middleware:
// redirect the user to "/login"
// and stores the url being accessed on session
if (Auth::guest()) {
return redirect()->guest('login');
}
return $next($request);
On login action:
// redirect the user back to the intended page
// or defaultpage if there isn't one
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return redirect()->intended('defaultpage');
}
For Laravel 4 (old answer)
At the time of this answer there was no official support from the framework itself. Nowadays you can use the method pointed out by bgdrl below this method: (I've tried updating his answer, but it seems he won't accept)
On auth filter:
// redirect the user to "/login"
// and stores the url being accessed on session
Route::filter('auth', function() {
if (Auth::guest()) {
return Redirect::guest('login');
}
});
On login action:
// redirect the user back to the intended page
// or defaultpage if there isn't one
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return Redirect::intended('defaultpage');
}
For Laravel 3 (even older answer)
You could implement it like this:
Route::filter('auth', function() {
// If there's no user authenticated session
if (Auth::guest()) {
// Stores current url on session and redirect to login page
Session::put('redirect', URL::full());
return Redirect::to('/login');
}
if ($redirect = Session::get('redirect')) {
Session::forget('redirect');
return Redirect::to($redirect);
}
});
// on controller
public function get_login()
{
$this->layout->nest('content', 'auth.login');
}
public function post_login()
{
$credentials = [
'username' => Input::get('email'),
'password' => Input::get('password')
];
if (Auth::attempt($credentials)) {
return Redirect::to('logged_in_homepage_here');
}
return Redirect::to('login')->with_input();
}
Storing the redirection on Session has the benefit of persisting it even if the user miss typed his credentials or he doesn't have an account and has to signup.
This also allows for anything else besides Auth to set a redirect on session and it will work magically.
Laravel >= 5.3
The Auth changes in 5.3 make implementation of this a little easier, and slightly different than 5.2 since the Auth Middleware has been moved to the service container.
Modify the new Middleware auth redirector
/app/Http/Middleware/RedirectIfAuthenticated.php
Change the handle function slightly, so it looks like:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect()->intended('/home');
}
return $next($request);
}
TL;DR explanation
The only difference is in the 4th line; by default it looks like this:
return redirect("/home");
Since Laravel >= 5.3 automatically saves the last "intended" route when checking the Auth Guard, it changes to:
return redirect()->intended('/home');
That tells Laravel to redirect to the last intended page before login, otherwise go to "/home" or wherever you'd like to send them by default.
There's not much out there on the differences between 5.2 and 5.3, and in this area in particular there are quite a few.
I found those two great methods that might be extremely helpful to you.
Redirect::guest();
Redirect::intended();
You can apply this filter to the routes that need authentication.
Route::filter('auth', function()
{
if (Auth::guest()) {
return Redirect::guest('login');
}
});
What this method basically does it's to store the page you were trying to visit and it is redirects you to the login page.
When the user is authenticated you can call
return Redirect::intended();
and it's redirects you to the page you were trying to reach at first.
It's a great way to do it although I usually use the below method.
Redirect::back()
You can check this awesome blog.
You may use Redirect::intended function. It will redirect the user to the URL they were trying to access before being caught by the authenticaton filter. A fallback URI may be given to this
method in case the intended destinaton is not available.
In post login/register:
return Redirect::intended('defaultpageafterlogin');
Change your LoginControllers constructor to:
public function __construct()
{
session(['url.intended' => url()->previous()]);
$this->redirectTo = session()->get('url.intended');
$this->middleware('guest')->except('logout');
}
It will redirect you back to the page BEFORE the login page (2 pages back).
I have been using this for a while on my language selector code. As long as you only need to go back by just 1 page it works fine:
return Redirect::to(URL::previous());
It ain't the most powerful solution out there but it is super-easy and can help solve a few puzzles. :)
For Laravel 8
Following approach works for me for Laravel 8.
Controller based approach
/app/Http/Controllers/Auth/AuthenticatedSessionController.php
Pre-login
The intended url will be stored in the session at create :
/**
* Display the login view.
*
* #return \Illuminate\View\View
*/
public function create()
{
session(['url.intended' => url()->previous()]);
return view('auth.login');
}
Post-login
Upon successful login, in case a intended url is available in session then redirect to it otherwise redirect to the default one :
/**
* Handle an incoming authentication request.
*
* #param \App\Http\Requests\Auth\LoginRequest $request
* #return \Illuminate\Http\RedirectResponse
*/
public function store(LoginRequest $request)
{
$request->authenticate();
//in case intended url is available
if (session()->has('url.intended')) {
$redirectTo = session()->get('url.intended');
session()->forget('url.intended');
}
$request->session()->regenerate();
if ($redirectTo) {
return redirect($redirectTo);
}
return redirect(RouteServiceProvider::HOME);
}
return Redirect::intended('/');
this will redirect you to default page of your project i.e. start page.
For laravel 5.* try these.
return redirect()->intended('/');
or
return Redirect::intended('/');
Laravel 3
I tweaked your (Vinícius Fragoso Pinheiro) code slightly, and placed the following in filters.php
Route::filter('auth', function()
{
// If there's no user authenticated session
if (Auth::guest()) {
// Flash current url to session and redirect to login page
Session::flash('redirect', URL::full());
return Redirect::guest('login');
}
});
And then within the my AuthController.php:
// Try to log the user in.
if (Auth::attempt($userdata)) {
if ($redirect = Session::get('redirect')) {
return Redirect::to($redirect);
} else {
// Redirect to homepage
return Redirect::to('your_default_logged_in_page')->with('success', 'You have logged in successfully');
}
} else {
// Reflash the session data in case we are in the middle of a redirect
Session::reflash('redirect');
// Redirect to the login page.
return Redirect::to('login')->withErrors(['password' => 'Password invalid'])->withInput(Input::except('password'));
}
Notice that the 'redirect' session data is reflashed if there is a authentication issue. This keeps the redirect intact during any login mishaps, but should the user click away at any point, the next login process is not disrupted by the session data.
You also need to reflash the data at the point of showing the login form in your AuthController, otherwise the chain is broken:
public function showLogin()
{
// Reflash the session data in case we are in the middle of a redirect
Session::reflash('redirect');
// Show the login page
return View::make('auth/login');
}
Use Redirect;
Then use this:
return Redirect::back();
In Laravel 5.8
in App\Http\Controllers\Auth\LoginController add the following method
public function showLoginForm()
{
if(!session()->has('url.intended'))
{
session(['url.intended' => url()->previous()]);
}
return view('auth.login');
}
in App\Http\Middleware\RedirectIfAuthenticated replace " return redirect('/home'); " with the following
if (Auth::guard($guard)->check())
{
return redirect()->intended();
}
Its September 2022 now, and I would like to share what I did for the OP's questions. Please be easy on me, still noob here.
My problem : After I implement MustVerifyEmail, the above solutions did not work. I use Laravel 6.x.
So after getting headache overnight, countless mugs of coffe, finally its working now. It isn't new solution because it is a modification from previous answers.
Step 1.
Do realize that : session with name 'url.intended' is already been taken by : vendor\laravel\framework\src\Illuminate\Routing\Redirector.php
So I choose to use different name for the session which is : 'url_intended'
Step 2.
Add this line:
session(['url_intended' => url()->previous()]);
In app\Http\Middleware\Authenticate.php something like below:
<?php
namespace App\Http\Middleware;
use Illuminate\Auth\Middleware\Authenticate as Middleware;
class Authenticate extends Middleware
{
/**
* Get the path the user should be redirected to when they are not authenticated.
*
* #param \Illuminate\Http\Request $request
* #return string
*/
protected function redirectTo($request)
{
session(['url_intended' => url()->previous()]);
if (! $request->expectsJson()) {
return route('login');
}
}
}
Now, here comes the key solution. Instead modifying the app\Http\Controllers\Auth\LoginController or app\Http\Middleware\RedirectIfAuthenticated.php
which did not work for me, I modify the vendor\laravel\framework\src\Illuminate\Auth\Middleware\EnsureEmailIsVerified.php
by adding the following (copy paste and slight modification from above previous answers)
if (session()->has('url_intended')) {
$redirectURL = session()->get('url_intended');
session()->forget('url_intended');
return redirect($redirectURL);
}
with full code as below :
<?php
namespace Illuminate\Auth\Middleware;
use Closure;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Support\Facades\Redirect;
class EnsureEmailIsVerified
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #param string|null $redirectToRoute
* #return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle($request, Closure $next, $redirectToRoute = null)
{
if (! $request->user() ||
($request->user() instanceof MustVerifyEmail &&
! $request->user()->hasVerifiedEmail())) {
return $request->expectsJson()
? abort(403, 'Your email address is not verified.')
: Redirect::route($redirectToRoute ?: 'verification.notice');
}
if (session()->has('url_intended')) {
$redirectURL = session()->get('url_intended');
session()->forget('url_intended');
return redirect($redirectURL);
}
return $next($request);
}
}
its working like charm.
Update: simply create new middleware based on existing EnsureEmailIsVerified middleware, and attach it to Kernel.php :
protected $routeMiddleware = [
//other middlewares here..
'verified' => \App\Http\Middleware\EnsureEmailIsVerified::class,
];
Here is my solution for 5.1. I needed someone to click a "Like" button on a post, get redirected to login, then return to the original page. If they were already logged in, the href of the "Like" button was intercepted with JavaScript and turned into an AJAX request.
The button is something like Like This Post!. /like/931 is handled by a LikeController that requires the auth middleware.
In the Authenticate middleware (the handle() function), add something like this at the start:
if(!str_contains($request->session()->previousUrl(), "/auth/login")) {
$request->session()->put('redirectURL', $request->session()->previousUrl());
$request->session()->save();
}
Change /auth/login to whatever your URL is for logging in. This code saves the original page's URL in the session unless the URL is the login URL. This is required because it appears as though this middleware gets called twice. I am not sure why or if that's true. But if you don't check for that conditional, it will be equal to the correct original page, and then somehow get chanced to /auth/login. There is probably a more elegant way to do this.
Then, in the LikeController or whatever controller you have that handles the URL for the button pushed on the original page:
//some code here that adds a like to the database
//...
return redirect($request->session()->get('redirectURL'));
This method is super simple, doesn't require overriding any existing functions, and works great. It is possible there is some easier way for Laravel to do this, but I am not sure what it is. Using the intended() function doesn't work in my case because the LikeController needed to also know what the previous URL was to redirect back to it. Essentially two levels of redirection backwards.
For Laravel 5.5 and probably 5.4
In App\Http\Middleware\RedirectIfAuthenticated change redirect('/home') to redirect()->intended('/home') in the handle function:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect()->intended('/home');
}
return $next($request);
}
in App\Http\Controllers\Auth\LoginController create the showLoginForm() function as follows:
public function showLoginForm()
{
if(!session()->has('url.intended'))
{
session(['url.intended' => url()->previous()]);
}
return view('auth.login');
}
This way if there was an intent for another page it will redirect there otherwise it will redirect home.
Laravel now supports this feature out-of-the-box!
(I believe since 5.5 or earlier).
Add a __construct() method to your Controller as shown below:
public function __construct()
{
$this->middleware('auth');
}
After login, your users will then be redirected to the page they intended to visit initially.
You can also add Laravel's email verification feature as required by your application logic:
public function __construct()
{
$this->middleware(['auth', 'verified']);
}
The documentation contains a very brief example:
https://laravel.com/docs/5.8/authentication#protecting-routes
It's also possible to choose which controller's methods the middleware applies to by using except or only options.
Example with except:
public function __construct()
{
$this->middleware('auth', ['except' => ['index', 'show']]);
}
Example with only:
public function __construct()
{
$this->middleware('auth', ['only' => ['index', 'show']]);
}
More information about except and only middleware options:
https://laravel.com/api/5.8/Illuminate/Routing/ControllerMiddlewareOptions.html#method_except
if you are using axios or other AJAX javascript library you may want to retrive the url and pass to the front end
you can do that with the code below
$default = '/';
$location = $request->session()->pull('url.intended', $default);
return ['status' => 200, 'location' => $location];
This will return a json formatted string
If the filter is handled at the routes level, then its so simple since you just need to attach an auth middleware to your original link. When a user successfully pass through the middleware check (means they login), they are automatically redirected to the intended destination. For example, you can do this instead of checking authentication in the controller
Route::get('/appointments',[AppointmentsController::class,'appointments'])->middleware(['auth'])->name('appointments');
Did you try this in your routes.php ?
Route::group(['middleware' => ['web']], function () {
//
Route::get('/','HomeController#index');
});
// Also place this code into base controller in contract function, because ever controller extends base controller
if(Auth::id) {
//here redirect your code or function
}
if (Auth::guest()) {
return Redirect::guest('login');
}
For Laravel 5.2 (previous versions I did not use)
Paste the code into the file app\Http\Controllers\Auth\AurhController.php
/**
* Overrides method in class 'AuthenticatesUsers'
*
* #return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function showLoginForm()
{
$view = property_exists($this, 'loginView')
? $this->loginView : 'auth.authenticate';
if (view()->exists($view)) {
return view($view);
}
/**
* seve the previous page in the session
*/
$previous_url = Session::get('_previous.url');
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$ref = rtrim($ref, '/');
if ($previous_url != url('login')) {
Session::put('referrer', $ref);
if ($previous_url == $ref) {
Session::put('url.intended', $ref);
}
}
/**
* seve the previous page in the session
* end
*/
return view('auth.login');
}
/**
* Overrides method in class 'AuthenticatesUsers'
*
* #param Request $request
* #param $throttles
*
* #return \Illuminate\Http\RedirectResponse
*/
protected function handleUserWasAuthenticated(Request $request, $throttles)
{
if ($throttles) {
$this->clearLoginAttempts($request);
}
if (method_exists($this, 'authenticated')) {
return $this->authenticated($request, Auth::guard($this->getGuard())->user());
}
/*return to the previous page*/
return redirect()->intended(Session::pull('referrer'));
/*return redirect()->intended($this->redirectPath()); /*Larevel default*/
}
And import namespace: use Session;
If you have not made any changes to the file app\Http\Controllers\Auth\AurhController.php, you can just replace it with the file from the GitHub
Laravel 5.2
If you are using a another Middleware like Admin middleware you can set a session for url.intended by using this following:
Basically we need to set manually \Session::put('url.intended', \URL::full()); for redirect.
Example
if (\Auth::guard($guard)->guest()) {
if ($request->ajax() || $request->wantsJson()) {
return response('Unauthorized.', 401);
} else {
\Session::put('url.intended', \URL::full());
return redirect('login');
}
}
On login attempt
Make sure on login attempt use return \Redirect::intended('default_path');
Larvel 5.3 this actually worked for me by just updating LoginController.php
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\URL;
public function __construct()
{
$this->middleware('guest', ['except' => 'logout']);
Session::set('backUrl', URL::previous());
}
public function redirectTo()
{
return Session::get('backUrl') ? Session::get('backUrl') : $this->redirectTo;
}
ref: https://laracasts.com/discuss/channels/laravel/redirect-to-previous-page-after-login
I am using the following approach with a custom login controller and middleware for Laravel 5.7, but I hope that works in any of laravel 5 versions
inside middleware
if (Auth::check()){
return $next($request);
}
else{
return redirect()->guest(route('login'));
}
inside controller login method
if (Auth::attempt(['email' => $email, 'password' => $password])) {
return redirect()->intended('/default');
}
If you need to pass the intented url to client side, you can try the following
if (Auth::attempt(['username' => $request->username, 'password' => $request->password])) {
$intended_url= redirect()->intended('/default')->getTargetUrl();
$response = array(
'status' => 'success',
'redirectUrl' => $intended_url,
'message' => 'Login successful.you will be redirected to home..', );
return response()->json($response);
} else {
$response = array(
'status' => 'failed',
'message' => 'username or password is incorrect', );
return response()->json($response);
}
First, you should know, how you redirect user to 'login' route:
return redirect()->guest('/signin');
Not like this:
return redirect()->intended('/signin');
For Laravel 5.7, You need to make change into:
Middleware>RedirectIfAuthenticated.php
Change this:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/admin');
}
return $next($request);
}
To this:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::guard($guard)->check()) {
return redirect('/yourpath');
}
return $next($request);
}
return redirect('/yourpath');

Resources